Snort behind an initial firewall
-
Trying to configure Snort on pfSense when the pfSense box is behind an initial firewall.
The setup is: the ISP Internet connection comes into a first router, and some Internet traffic is directed to the pfSense box hosting Snort. Essentially, the pfSense box is receiving the Internet via a 192.168.172.4 WAN connection and a 192.168.172.100 gateway to the pfSense box/LAN, which is 192.168.30.1.
The issue is that Snort blocks the traffic from 192.168.172.100 since, I presume, it thinks it is an invalid IP. How can I tell Snort to accept all traffic from this IP and gateway, but to check it and not lock out the gateway in the process?
When I turn on Snort, it blocks the gateway with various rules coming or going out to an Internet address.
Thanks for the help!
-
With the timing of your post, it may have nothing to do with being a rear firewall - http://forum.pfsense.org/index.php/topic,60329.45.html
Many found their WAN IPs blocked regardless of whether they were whitelisted. Uninstall and reinstall seems to fix the problem.